Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 23, 2024, 11:05 a.m.	April 23, 2024, 11:14 a.m.

Size	1.0MB
Type	ASCII text, with very long lines, with no line terminators
MD5	`33f70912111412effa6b110349cad484`
SHA256	`1123e7eab45f9f373fa4351cd7c45f70daeb29251d4f4b4a606d9d458d157d92`
CRC32	`F4E5255D`
ssdeep	`6144:NSg6lMvf4heu8iFtEUkrEl7AaxQWYZybOCLlELF90LduTXr4pxbjLrk9ww9uj6Xg:NtHkeZ6EU86n1QybOGIF9udurEk62lw`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\iz.ps1
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 5743 events)

Time & API	Arguments	Status	Return
WriteConsoleW April 23, 2024, 11:05 a.m.	buffer: The term ' console_handle: 0x0000001b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: ' is not recognized as t console_handle: 0x00007fab	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: he name of a cmdlet, function, script file, or operable program. Check the spel console_handle: 0x00007fb7	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: ling of the name, or if a path was included, verify that the path is correct an console_handle: 0x00007fc3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: d try again. console_handle: 0x00007fcf	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\iz.ps1:1 char:1048577 console_handle: 0x00007fdb	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: + $cm=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAMdkImYC/6S6 console_handle: 0x00007fe7	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 19L0SJIldj39FHXRtKo21DQ0kFgazZjQGgktmm1t0FqrBJb77sRfVT07u7NLWyPz4ssIIISHh/vxc9K console_handle: 0x00007ff3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: +P9n59q/2ttTppo1Z/tO/evmy1uPwE/KnP7OjtP30f/z0f/78p2If0u3HU2a5pu2n//ynn57PFC9x/9 console_handle: 0x00007fff	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: Mvv7V/fP6WXFv+t7///c9tfv36H59m8Rb/9vQvf/rt68/rszb0178iOP57v/nR//1dMS4//fLn+seD/ console_handle: 0x0000800b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: /2n5/tfu+0nBCd+tAHgL3/s/2+Tfnn+As96f/tz/fcfjWf/p/nT//Zb669qPpRb9fe/PP1nif8687fh console_handle: 0x00008017	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: v/723fz9WeX3xq9/vPht3H/5w9Ifhvxh3m/9cd+m/Ydr/nm4//Sfhvz85bcj/rHfX/79QdJxH7Y/DvN console_handle: 0x00008023	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 7+8eB/v3wf774705X/3a6+jkU/B/s/+9P/v/lgL+Na39/98t/deBvA/9Y798N/P3Yf/vd0t9W/HGCf+ console_handle: 0x0000802f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: v/a/J9Tvvn9r9x3e9z/vRf/msI/Wj8o8y3f0zLmP4jzrIlX9f//Kd/+fwIp1/+fMTLP/ox27v8sfRH5 console_handle: 0x0000803b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 8ewPNuX/C9/+pffHuzDGhf5P4Z4q4/8H32+VWP2I5Z++dt7mtixj+vhuRBmX5Z82H7v/1XIt/e65n3S console_handle: 0x00008047	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 1fn6y19++r9/8qt8yf/VSJo8fQL6pz//469CNyZx98ewi4nT6kmH95D9eKeOafzD+r/aU1dvv/z8f/3 console_handle: 0x00008053	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 8l7/9K/z3v3LzHnfrLz/b17rl/V+zrvv5Lz/9l7/82M+5pvyXn7U6XcZ1LLa/+vWAIn91fzNe/8127X console_handle: 0x0000805f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: fTf/7nwcop/uHU/+kZf6z6+5xffn6an8cx79/d9/Ovf/ux3ROJP/2f/2aM9dxK3ed/lYYtX8bJzpejT console_handle: 0x0000806b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: vP1r2I8ZF1u5cXPv/708/qk/lD+/JfHhiXf9mX46Z+mPPOOsc1/+fOwd92vz7p/+19d9++/6Pn5T9f+ console_handle: 0x00008077	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: r0765d9PekZ9tuUvv/70y/+yN7TfYub35Z7j/Afr/11g/eX5/Ifg+sv/MEazvMvLeMv/sT3u/bcg/dO console_handle: 0x00008083	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: //Mvffmvlz2F++Yxr/dusJ8F//Ul7LIi3cbl+XKWz7Plf/v5vd/P7lv+cuP76P10H/mPSH1N+v5nfbP console_handle: 0x0000808f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: gBOt5YZ3//07/8M2x+PP5Hstddli8/Xv/Ps4DNi3rI2WuI+zr9Z6D/8j+6rbzo8t9c8dd/DtMfK3/5+ console_handle: 0x0000809b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: Y8Xecb+4ZjH1b/+7T/O4vp6+7ep9O+2vdPnwtfHqCcW/vLf2vL75f3yszRoef/47vf+E59/Lp70yv85 console_handle: 0x000080a7	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: +o+Uuv65+Y/+jyBmunhdf/3psz/pnf76k53HXZ79+tN7WOs/Xr33bfyt+fO/Wavt3Van8br9c7W//48 console_handle: 0x000080b3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: c+sfOzDg8mbKnz8U+TnDsKU/ruPvhk19/Eusspy+7Lv9pwc//I48wcdc9mfYsdDwX8jz54Ql7+xEtS/ console_handle: 0x000080bf	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: brfx8af/nrU5elfury/hn9G/TwXVw+SPNHIv0WaHGZZz//v1j9z/T4PRd+eOqfLvp3Nj+3b3fj9utPX console_handle: 0x000080cb	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: r1sD5r9/Ot/CLr/n+b9e2D5b6xklvyPW/zlR/r9jf6DKuRD+oNnPFH21JcfIf2HO39z3rI9juOXsafj console_handle: 0x000080d7	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: NScw+zcA++Vnxenj9BCugAbywVI34hIJfX63pZNWdRClyMfARg2sjj6LBjeStsIPJ+UKg51e39f3xQK console_handle: 0x000080e3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: sTnzFcjvd1aS/rdLV8dGVX1A6h2uOWy7GHXDeipTPGtRRrQT96GbRVtx8sEqzDGnC7UsqJiDEfu60o5 console_handle: 0x000080ef	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: SRlyfp7XdoSsEGBzdvIHgfUgFcUcm67oKTBSBMOu8Ba922WRnsDDy5y0JIZaahJBQcHufKt1M4QB3WF console_handle: 0x000080fb	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: zQjoChlfKoDZk66aYB+ZwYxdoQ07ilCIQNA5Zfx0gLLisn93kIoXi884bferOuDOM9M4/PL4d2e3foe console_handle: 0x00008107	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: zFllVue1h1lE47CjPnQzewfD4QcVB3Qfu94cjjVwGw4KtYj8r96gwxWoBSusDMSgEJzKLRtAIuecOH4 console_handle: 0x00008113	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: C7OS6+GhZHPahdj2DXIxUlFKzSYp9jPczg+vV2vmYb4sRne+uqUeq2qH8/hL22hFESlZYXm10H5k0kT console_handle: 0x0000811f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: pGamkdhm3ZKBo9SSCB9bIhtyONvjPIT0EzC6XNZDKGDCbZuK9YUEPBKhgOorJjzm5NRhrfp8kqwg2eP console_handle: 0x0000812b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: qGep5SqENac1Wpfr2nq7LtPfPq16ELSV+IqLoy7fbBQF0/CeBviTJvjOK6KrWjRkfFfaag5xey+eUMz console_handle: 0x00008137	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: mZ2egU+nEIftBbKB2ledviiKRYfeQsPg9b1fgmHxwncpTLwRj8G6/GYsbIaSxemTLlDO1zxLBBpkvtz console_handle: 0x00008143	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: zsYIglmxS8WUc2ef9Ye6j4cZ12G9lWb6AamaYC9No1uPePOCXOAIWmERbRXnW18X2ytW9rYY9op6Zlf console_handle: 0x0000814f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: yWyp1EBSFW40u7FrOWUT08g24T9MILEUeJUE9EyLfaMGAvMerifCnp9ebT09w29UmGteVFQ9q5j+R9e console_handle: 0x0000815b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: SO4v9MrsFApfx+8l9mUtmseSA41fKppSaKhHlTsZ3hAQRXSBvGpxRbBqIXpgXDvxVADNvXPK4ODVuXf console_handle: 0x00008167	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: l/KNIPgVIqQ1xgDIR/yJzUy/ABVM1KER8z0U363gV4nK9q2xqKCVzpsjM4hCVfZL08hGKO2DV2Jg3Rt console_handle: 0x00008173	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: LyUHUoxfG65la/n5HYqY/bUTonfsEJk9De+HjAEyF/PQxtgowOWmtAH9rCibcT6Igy4UFzc/Vb19Px1 console_handle: 0x0000817f	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 4HgUVWGR/6RpjqJHqdazqy8b3DVKrG1ZwZOU4v8A0QKUOclGRB7vke6Y+ATQC5l4I0X24ZRhMH97PNm console_handle: 0x0000818b	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: 6VMgXCklk798dQj8Ai2zGvy2wqyzNGTuR3NS7EMhc/IYp+jsuVCdOuVmLrek83aT8jvyq5G8oAHYakt console_handle: 0x00008197	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: XPQsUlJGH/ZgZl7hAnnniOiaMLlE/0KZ/R5OPDiYKChqFiM5FnZ6/qOQPqOfF12xMn0BZf3JD9Y2WnR console_handle: 0x000081a3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: tx0QythIxrcvUdy/aZZy1j9Nav3pBCcZyefR3xKzZwz2WWScQXoNJvHgaBc+whaJIvlY1DRbKcaZtZs console_handle: 0x000081af	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: aUZrWCe/PA/hY/8kxIkBIgQRGHlulMmTm4cPa+ddsN7vREW8z8UOun51xWc9hAyXx+7tMKJ2EJrjVU7 console_handle: 0x000081bb	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: aU2L+wlJKLhwS+sCrrGR5aFf9hAS3G9InxoKwl090tYq+oua56VHZ70I+iisKDdALTjDvEtdk3ppTfX console_handle: 0x000081c7	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: GtOb0kaaRtb+A9RwEH6oFMrN68yrp2a9A6dLvXySBh7nqDuZ/G1netc7Q9SxvrM5c16/VU/Q8K3t8x3 console_handle: 0x000081d3	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: Q7k1UMT33YKZlsqfWlGu8dGrdn5xlbfXeequwaxhlvgjUm+dWZ6OpxKEJ5NIYlQ/r1vm846VJJuIG5A console_handle: 0x000081df	1	1
WriteConsoleW April 23, 2024, 11:06 a.m.	buffer: fFBhiKwgn/HMtMcamzM7HkDd1c5ZqoRtlAGxXWbfvCgPCwv74+jwE3f+xcb8ahDh+QYzctzdXd9kER4 console_handle: 0x000081eb	1	1

Uses Windows APIs to generate a cryptographic key (8 events)

Time & API	Arguments	Status	Return
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 23, 2024, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04d853d0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 23, 2024, 11:05 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (19 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0250b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0251f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x062d0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06441000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06442000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06443000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:05 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2024, 11:06 a.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05470000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

ALYac	Generic.PwShell.Rozena.3.8EF0C4D9
VIPRE	Generic.PwShell.Rozena.3.8EF0C4D9
Sangfor	Trojan.Generic-PS.Save.07a1149b
Arcabit	Generic.PwShell.Rozena.3.8EF0C4D9 [many]
Symantec	ISB.Downloader!gen173
ESET-NOD32	PowerShell/Kryptik.EJ
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	Generic.PwShell.Rozena.3.8EF0C4D9
MicroWorld-eScan	Generic.PwShell.Rozena.3.8EF0C4D9
Rising	Trojan.Injector/PS!1.D1D5 (CLASSIC)
Emsisoft	Generic.PwShell.Rozena.3.8EF0C4D9 (B)
FireEye	Generic.PwShell.Rozena.3.8EF0C4D9
Ikarus	Trojan.PS.Agent
Google	Detected
ZoneAlarm	HEUR:Trojan.Script.Generic
GData	Generic.PwShell.Rozena.3.8EF0C4D9 (2x)
Varist	PSH/Inject.A.gen!Camelot
Tencent	Trojan.PowerShell.Obfuscated.11027659
MAX	malware (ai score=80)

iz.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All